Legal

Privacy Policy

UK GDPR & Data Protection Act 2018 compliant. Effective 29 May 2026.

1. Who we are

rinKo is the data controller for personal data we collect about you when you sign up to or use our platform. Contact us at privacy@rinko.co.uk.

2. What we collect

Account data: name, email, password (hashed), phone number, business name, and the chosen template.

Billing data: payment method tokens (held by Stripe — we never see your card number), invoice history, billing address.

Usage data: which pages you visit in your dashboard, when you log in, what changes you make to your site config.

Site visitor data: when visitors browse a site you publish on rinKo, we may collect their IP, browser, and pages viewed for analytics — this data is held for you under your instructions.

3. How we use it

  • To provide the rinKo platform and run your site
  • To process payments and prevent fraud
  • To send transactional emails (welcome, password reset, billing notices)
  • To respond to support requests
  • To improve the platform (anonymised aggregate analytics)
  • To comply with legal obligations

We do not sell your data. We do not use your data for advertising. We do not share it with third parties except processors who help us run the service (Stripe for billing, Brevo for email, our hosting provider).

4. Lawful basis

We process your data on the basis of contract performance (delivering the service you signed up for), legitimate interest (security, fraud prevention), and legal obligation (tax records).

5. How long we keep it

Account data: while your account is active, plus 30 days after deletion for backup purposes.

Billing records: 7 years (legal requirement for tax records).

Server logs: 90 days.

6. Your rights

You have the right to:

  • Access — request a copy of your data (use the Export button in your dashboard)
  • Rectify — correct inaccurate data
  • Erase — request deletion of your account and data
  • Restrict processing in certain circumstances
  • Port your data to another service (we provide JSON exports)
  • Object to processing based on legitimate interests
  • Lodge a complaint with the ICO (ico.org.uk, 0303 123 1113)

7. Cookies

We use essential cookies for authentication and session management (rk_token, rk_tenantId). Optional analytics cookies require your consent via the cookie banner.

8. International transfers

Our servers and primary processors (Stripe, Brevo) are located in the UK and EEA. Where data is processed outside the UK, we rely on UK adequacy decisions or Standard Contractual Clauses.

9. Updates

We will email you at least 30 days before any material change to this policy.

10. Contact

Privacy questions: privacy@rinko.co.uk